Welcome to Malware & Monsters

Overview

Malware & Monsters is an innovative security training platform that combines collaborative storytelling with creature-collection mechanics to create engaging, practical incident response training. Our gamified incident response training transforms traditional cybersecurity skills development through team-based security training experiences.

Teams work together to identify, analyze, and respond to digital threats represented as Malmons (short for Malware Monsters) - creatures with distinct behaviors, capabilities, and weaknesses. This malware monsters cybersecurity game approach makes learning engaging and memorable.

Legacy & Contemporary Threats: The framework spans cybersecurity history from foundational attacks like Code Red (2001) and Stuxnet (2010) to modern threats like LockBit and FakeBat, helping teams understand threat evolution and apply lessons across decades of cybersecurity incidents.

What Makes This Different

Your expertise drives the content - participant knowledge creates the learning experience
Incident response simulation through collaborative discovery over passive presentations
Real-world scenarios with safe learning environment that builds security awareness
Role-based teamwork reflecting actual incident response dynamics in security professional development
Community knowledge building through shared experiences and incident response tabletop exercise methodology

Documentation & Presentations

This repository contains comprehensive learning materials in multiple formats:

📖 Players Handbook

Your complete guide to participating in Malware & Monsters sessions:

Understanding Malmons and the type system
Incident response roles and team dynamics
Game mechanics and progression systems
Community collection and competitive elements

🎯 Incident Master Handbook

Complete facilitation guide for running sessions:

Facilitation philosophy and techniques
Technical foundation and MITRE ATT&CK integration
Session management and troubleshooting
Advanced scenarios and community building

🎬 Presentation Slides

RevealJS presentations with consistent theming:

Player introduction slides
IM training presentations
Executive overviews
Technical deep dives

📑 Offline Formats

Both handbooks are available in multiple offline formats:

📱 Self-Contained HTML - Complete offline versions with embedded resources, perfect for mobile devices or offline access
📄 PDF Downloads - Comprehensive PDFs for printing and offline reference

Quick Start

For Players

Read the Players Handbook to understand the philosophy
Review the core concepts about digital threats and collaborative incident response
Choose your preferred incident response role specialization
Jump into your first session - no additional prep required!

For Incident Masters

Review the Facilitation Philosophy
Practice with session management techniques and scenario facilitation
Start with beginner-friendly Malmons like GaboonGrabber

For Presenters

Create slides using make slide-template
Customize content for your audience
Present with make present

Repository Structure

malware-and-monsters/
├── docs/                    # Developer documentation and guides
├── players-handbook/        # Player documentation (13 chapters)
│   ├── chapters/           # Game rules, roles, and participation
│   └── resources/          # Quick references and practical guides
├── im-handbook/            # Facilitator documentation (15 chapters)
│   ├── chapters/           # Facilitation techniques and session management
│   └── resources/          # Malmon profiles, scenario cards, and tools
├── slides/                 # RevealJS presentation materials
├── shared/                 # Common resources and assets
│   ├── filters/           # Custom Quarto filters for game components
│   ├── malmon-cards/      # Creature definitions (12 malmons)
│   ├── badge-images/      # Progression system graphics
│   └── (styling, JavaScript, shared content)
├── _scss/                  # Unified theming and styling system
├── scripts/                # Development automation tools
├── .github/workflows/      # CI/CD automation
├── Makefile               # Unified build system
└── (configuration files)

Building the Documentation

This project uses a unified Makefile build system with Quarto for documentation generation.

Prerequisites

Quarto (version 1.4+)
Python 3 (for local server)
Optional: XeLaTeX (for PDF generation)
Optional: entr (for watch mode)

Check your setup:

make check-deps

Quick Build Commands

# Build everything (HTML + PDF + Slides)
make all

# Build and serve locally
make serve

# Build and present slides
make present

# Clean and rebuild everything
make clean all

Development Workflow

# Watch for changes and auto-rebuild
make watch

# Build specific components
make players          # Players Handbook only
make im              # IM Handbook only
make slides          # All slide decks only

Advanced Build Options

# Create new slide template
make slide-template

# Build specific slide deck (edit and rebuild individual files)
# Edit slides/your-presentation.qmd then run make slides

# Debug build information
make debug

Output Structure

_output/
├── docs/                      # Developer documentation
│   ├── BUILD_SYSTEM.md
│   ├── CONTRIBUTING.md
│   └── SLIDES_INTEGRATION.md
├── players-handbook/          # Players handbook
│   ├── index.html             # HTML version
│   ├── chapters/              # Main chapters
│   └── resources/             # Practical guides and references
│       ├── practical-guides/  # Organized by category
│       │   ├── session-prep/        # Preparation guides
│       │   ├── participation-guides/ # During-session guides
│       │   ├── role-playing-support/ # Character guides
│       │   └── learning-tools/      # Post-session resources
│       ├── quick-reference.html
│       └── type-effectiveness-chart.html
├── im-handbook/               # IM handbook
│   ├── index.html             # HTML version
│   ├── chapters/              # IM chapters
│   └── resources/             # IM resources
│       ├── malmon-details/          # Individual Malmon profiles
│       ├── practical-tools/         # Facilitation tools
│       │   ├── preparation-templates/
│       │   ├── question-banks/
│       │   ├── real-time-guides/
│       │   └── session-scripts/
│       ├── walkthroughs/            # Complete session examples
│       │   ├── complete-sessions/
│       │   └── problem-scenarios/
│       └── emergency-protocols.html
├── slides/                    # RevealJS presentations
│   └── *.html                 # Generated slide decks
├── shared/                    # Shared resources
│   └── glossary.html          # Shared terminology
├── index.html                 # Main landing page
├── community.html             # Community information
├── players-handbook.pdf       # PDF download
├── im-handbook.pdf            # PDF download
└── site_libs/                 # Quarto framework assets

Creating Presentations

The framework includes full RevealJS presentation support with consistent theming:

Creating Slides

# Generate starter template
make slide-template

# Edit your slides
vi slides/my-presentation.qmd

# Build and present
make present

Slide Features

Consistent branding with main documentation
Interactive Malmon cards and role explanations
Session flow visualizations
Speaker notes support
Fragment animations and transitions
Multi-column layouts
Statistics dashboards

Example Slide Content

---
pagetitle: "Malware & Monsters Introduction"
format:
  revealjs:
    theme: ../shared/revealjs-theme.scss
    css: ../shared/revealjs-styles.css
---

# Welcome {background-color="#2c3e50"}

## Collaborative Cybersecurity Learning

::: {.fragment}
Transform incident response training through teamwork
:::

The Malmon Collection

The framework includes detailed profiles of real malware families represented as Malmons, spanning legacy and contemporary threats:

Contemporary Malmons (2010s-2020s): - GaboonGrabber (Trojan/Stealth) - Perfect for beginners - WannaCry (Worm/Ransomware) - Network propagation scenarios - LockBit (Ransomware/Criminal) - Modern cybercrime operations - FakeBat (Trojan/Loader) - Current threat landscape

Legacy Malmons (Historical Impact): - Code Red (Worm/2001) - Foundation of internet security - Stuxnet (APT/Rootkit/2010) - Nation-state cyber warfare - Ghost RAT (Remote Access/2008) - Early APT campaigns - Poison Ivy (Backdoor/2005) - Classic persistent threats

Each Malmon includes:

Type effectiveness relationships
Evolution mechanics and triggers
Real-world technical details
MITRE ATT&CK technique mappings
Facilitation guidance for IMs

Community & Contributions

Getting Involved

Run sessions with your team or organization
Share scenarios and adaptations
Contribute Malmon profiles for new threats
Improve documentation and training materials
Build tools for session management
Create presentations for conferences and training

Contributing Guidelines

Fork the repository
Create feature branch: git checkout -b feature/new-malmon
Make changes following existing patterns
Test documentation builds: make validate
Submit pull request with clear description

Development Setup

# Clone repository
git clone https://github.com/klausagnoletti/malware-and-monsters.git
cd malware-and-monsters

# Check dependencies (FIX)
make check-deps

# Test build system
make all validate

# Start development with watch mode
make watch

Developer Guides

🏗️ Build System - Makefile documentation and development workflow
🎬 Slides Integration - RevealJS presentations and theming
🤝 Contributing Guide - How to contribute content and code

Community Resources

Discussions: Use GitHub Discussions for questions and ideas
Issues: Report bugs or request features
Contributing: See our Contributing Guide for how to get involved
Wiki: Community-contributed scenarios and adaptations
Releases: Stable versions for workshops and training

Deployment Options

Local Development

# Build and serve locally
make serve
# Available at http://localhost:8000

# Development with auto-rebuild
make watch

Building

# Build everything
make all

Educational Philosophy

Malware & Monsters is built on evidence-based learning principles:

Collaborative learning is more effective than individual study
Active practice beats passive information consumption
Diverse perspectives improve problem-solving quality
Safe failure accelerates skill development
Community knowledge benefits everyone

Technical Features

Unified Build System

Single command builds everything
Intelligent dependency tracking for fast rebuilds
Consistent theming across all formats
PDF integration with download links
RevealJS presentations with matching styles

Custom Quarto Components

Malmon card filter for interactive creature displays
ATT&CK mapping filter for technique visualization
Unified themes across books and presentations
Responsive design for all screen sizes

Development Tools

Watch mode for automatic rebuilds
Validation to check build integrity
Debug information for troubleshooting
Modular structure for easy customization

License

This project is released under Creative Commons Attribution-ShareAlike 4.0 to encourage community contribution while maintaining educational focus.

Acknowledgments

Lena Yu for the original Malmon concept and research
HackBack for the foundational incident response game framework
Klaus Agnoletti and Glen Sorensen for the initial version of Malware & Monsters and the workshop at Malware Village 2025 that started it all
MITRE ATT&CK for the threat behavior taxonomy
The cybersecurity community for collaborative learning inspiration
Quarto team for the excellent documentation framework